This invention relates in general to computer networks and, more specifically, to a system for verifying, and assuring, a proper recipient for information transfers over computer networks.
As computer networks such as the world wide Internet, corporate intranets, local area networks (LANs), etc., grow in popularity, it becomes important to provide for secure transfer of information over such networks.
For example, the use of electronic mail, or xe2x80x9ce-mail,xe2x80x9d is a very common and quick way to transfer information from a sender to a receiver over a network. As the use of e-mail becomes more common, much of traditional correspondence is being handled electronically over networks.
However, a problem arises where sensitive information needs to be transferred via e-mail over a network. This is because e-mail is notoriously unsecured. Part of the reason for this is that e-mail information is relayed among several, or many, computers, before it reaches its intended destination. Another reason that e-mail is not a secure form of transmission is that individual e-mail accounts are sometimes accessible to other than the intended recipient. This can be due to either to carelessness on the intended recipient""s part, illegal or dishonest acts on the part of a third party, etc. The nature of electronic media and communication often makes it relatively easy for a third party to view, appropriate, or otherwise obtain another person""s information.
A further problem with e-mail communication is that one does not know the actual source of a received bit of information. In many of today""s business dealings, a person needs to know, with a good degree of reliability, that they are dealing with the right person. E-mail transmissions are not confined to any one computer or any one place. An e-mail sender, or someone who is replying to another e-mail message, can originate their transmission, or response, from anywhere in the world. Note that these problems are not as likely with traditional forms of communication, such as regular mail, facsimile transmission, telephone communication, telegrams, etc.
Despite the potential problems with e-mail transmissions, it is desirable to be able to use electronic communication over a network because of the speed of communication, cost, ability to integrate communications with other computer applications, etc.
Thus, it is desirable to provide a system that overcomes some or all of the problems discussed above.
The present invention provides verification mechanisms to be used in network communication, such as e-mail. A person sending information to a previously unverified recipient first enters xe2x80x9cAddress Bookxe2x80x9d information about the unverified recipient into the sender""s e-mail system. Part of this initial information includes the recipient""s e-mail address and a way of communicating with the intended recipient other than by using the e-mail address. For example, regular mail, fax, or other means can be specified.
When the sender sends the information to the intended recipient, the recipient is not able to receive the information until an identification code is entered by the intended recipient. The identification code is transferred via a different method that does not use the intended recipient""s e-mail address.
In a preferred embodiment, a fax is sent to the intended recipient that includes the identification code, referred to as a xe2x80x9cQuick-Access Numberxe2x80x9d (QAN). The intended recipient then logs on to the e-mail system and enters their user name and QAN.
When the recipient logs on for the first time and enters the QAN, the recipient""s e-mail account is associated with the sender""s entry for that intended user in the sender""s private address book. Provision is also made for a representative of the recipient, as opposed to the actual recipient, to perform the logon and receive the information. As part of the logon process, the person logging in is asked to attest that they are the intended recipient or a representative of the intended recipient. The initial logging on of the intended recipient, or the intended recipient""s representative, generates an automatic fax to the intended recipient""s fax number. This is the same fax number as used to convey the QAN to the intended recipient. This fax upon login acts to defeat any attempt by an outside party to intercept and use the QAN to log on and impersonate the intended recipient. The fax verification upon login is repeated for the first 5 documents sent by e-mail to recipients who are new users of the system.
In a preferred embodiment, the system of the present invention is designed to handle various aspects of building, or contractor, bidding. The system automatically tracks correspondence between senders and recipients. Multiple senders may make individual entries into their private address books for the same recipient. In each case, the new sender creates an entry that sends a fax with a new QAN to the intended recipient. The intended recipient must then log on and enter the new QAN before the entry in the new sender""s personal address book is associated with the recipient""s logon account. The sender is given a chance to synchronize information that the recipient has typed in such as company name, physical address, etc. This allows the sender to keep an updated address book entry. Addresses can also be made public so that any senders may use the public address associated with a recipient""s.
In one embodiment, the invention provides a method for validating communications between a sending system and a human recipient over a computer network. The method includes steps of associating a network contact address with the human recipient; causing an initial send of information from the sending system to the human recipient over the computer network; in response to the step of initiating a send, providing an identification code to the human recipient by a method that does not use the network contact address; and detecting the submission of the identification code in association with the network contact address before completing the send of information from the sending system to the human recipient over the computer network.